PassQuantum

PassQuantum is an open source desktop password manager built around post-quantum cryptography standards finalized by NIST in 2024 (FIPS 203 and FIPS 204). Unlike most password managers that rely on RSA or ECC for key operations, PassQuantum uses ML-KEM 768 (Kyber768) for key encapsulation and ML-DSA (Dilithium) for digital signatures, making vault data resistant to harvest-now-decrypt-later attacks from future quantum computers.

Each vault item is protected by a triple-layer encryption model: AES-256-GCM for payload encryption, ML-KEM 768 for per-item key encapsulation, and a master password derived with Argon2id (64 MB, 4 threads). Vault integrity is verified with HMAC-SHA256. All data is stored locally in encrypted .pqdb files with POSIX 0600 permissions. The application makes zero network calls — no telemetry, no sync servers, no accounts required.

PassQuantum includes an optional passive face biometrics module powered by a Python/MediaPipe sidecar process. Once enabled, it monitors the webcam continuously and automatically locks the vault after 5 seconds without a recognized face, using 468-point facial landmark detection with blink-based liveness verification.

Additional features include a multi-vault architecture, a password generator, a password strength analyzer with entropy scoring, and support for encrypted notes and card items alongside standard password entries.

The application is built with Go and the Fyne UI toolkit. Cryptography is handled exclusively through native Go libraries with no third-party crypto wrappers. PassQuantum has not been independently audited; the project discloses this explicitly in its documentation.

Available for Windows and Linux. MIT licensed.